This blog started as merely a means of describing who was behind certain spam campaigns and which illicit products they were selling illegally. Now it's more of an overall examination of how spam is merely one part of international organized crime.

Monday, November 17, 2008

To anyone who's been investigating spam, or even vaguely following the transformation of illegal spam over the years, the concept of the Nigerian scam seems ludicrous and pathetic. It seems impossible that anybody would NOT know about this scam in this day and age. (These messages have been received by millions, starting in around 2002. How people could not be aware of this scam is beyond me.)

I'm not going to describe what this scam is because there are already thousands of places which do so very effectively. Google the term "Nigerian scam" or "419 scam" and read any of the results you get back.

Numerous websites engage in the "baiting" of the criminals behind these scam messages, often keeping them on the hook for months at a time, wasting considerable time and energy. I highly recommend reading any of the baits going on as we speak on TheScamBaiter.com. If you don't know what a Nigerian scam is, read the "recommended reading" in the postscript. (And tell your friends. More people need to be made aware of how this scam works.)

Since the freezing of SanCash a month ago (which appears to have not slowed them down any, more on that in a subsequent post) my spam intake initially slowed to a crawl across numerous accounts I monitor. Then suddenly all I was seeing was one or another variety of lottery, inheritance or other money exchange scams. They've been abusing every free mail system on the Internet, and I and several colleagues have had numerous successes in getting their email addresses shut down quite rapidly.

However it isn't stopping the influx of spam, and it's now to the point where I am seeing several dozen such emails every single day, often with four to six of them received within the same hour.

Ignoring for the moment the utter stupidity of whoever is mailing this (how could you possibly think anyone would be fooled when they're told they've simultaneously "won" 12 "lotteries" within the same day?), or the effectiveness of these scams, this type of influx in illegal cheque fraud attempts raises numerous questions about how to report this spam, not all of which are straightforward.

Of course, there is no "lottery". I have not "won". There is no "inheritance". It's a scam to get me to send money for any number of "fees" which must be paid first to ensure the money makes its way to my account. It's illegal, and it's most commonly known as check fraud.

Prior to October 2008, reporting abuse of any freemail system was a straightforward affair. Each company has their own contact addresses or abuse processing forms. But you would be surprised at just how ineffective each of these can be when trying to report these abuses, something that takes a bit of extra effort to do in the first place.

I'll itemize the current state of abuse reporting and my experiences with each. I would also like to put out an open call to the abuse teams of Yahoo, Hotmail and Gmail with regards to how to make this abuse reporting process more seamless and effortless for the average user, most of whom have absolutely no idea how to report this abuse to your teams. Further: Hotmail - seriously - wtf? Your abuse team is now among the absolute worst I have ever dealt with. We'll see why in a second.

Gmail

Gmail has arguably the very best method of reporting, and given that they're very much aware of what this scam entails, they are really, really fast at investigating and shutting down offending accounts.

Where to report it: Their abuse reporting form is located here. Make a point of outlining what kind of scam this is. If it's one of those "you have won" messages, that's cheque fraud (aka: Nigerian fraud, "419" fraud.) If it's a "work from home" message, that's money laundering. Make a point of outlining that this is illegal, and abuses their terms of service.

Expected response: Automated single email with a ticket ID. States they are looking into it. Often this is the only response you'll get from Gmail, but guaranteed you'll never see another spam using that Gmail account as the response address.

Yahoo

Yahoo also has an abuse form, but their responses lately lead me to believe that, honestly, that entire abuse team is asleep at the wheel.

After months of successful reports throughout 2008, I suddenly noticed that whoever it is that responds to these abuse reports doesn't really read the reports at all.

Anyone reporting any kind of spam knows that the headers are usually 99% forged. Yahoo apparently focuses solely on the headers, and if they determine that the message wasn't sent using Yahoo mail, they'll conclude that there's nothing wrong with the account, even if the message body says "I want to steal your money and kill your family, so email me at myillegalaccount@yahoo.com". They will, almost to a person, completely ignore the message body and the complaint. This HAS to change. This is not 1999 anymore. This scam should be extremely well-known to every free-mail provider on the planet. I spend more time explaining this scam to abuse handlers than should ever be necessary.

Where to report it: The Yahoo abuse form is located here. As mentioned above, you really have to spell out not only that this is illegal, you have to try to get their attention that the headers are not necessarily how to tell that Yahoo's mail service is being abused.

Expected response: Automated single email with a ticket ID, followed anywhere from 2 to 6 days later by a followup as to what their conclusion was. If that conclusion is "we saw that Yahoo was not used to send this message", you have to reply to that message and clarify that 1) they need to learn how to handle a Nigerian fraud message and 2) they need to look beyond the headers.

Why this is the case now is baffling. Yahoo: clean up your act!
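The point above about looking beyond the headers, sketched as an added example (not part of the original post): it ignores the forgeable From and Received lines, collects addresses from Reply-To and the message body, and groups those on the free-mail domains named in this post by provider. The sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Free-mail domains named in this post, mapped to the provider to notify.
FREEMAIL = {"gmail.com": "Gmail", "yahoo.com": "Yahoo", "aol.com": "AOL",
            "sify.com": "Sify", "hotmail.com": "Hotmail", "msn.com": "MSN"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Constructed sample: forged sender, real contact addresses elsewhere.
SAMPLE = """\
Received: from mail.example.net (unknown [192.0.2.10])
From: "Lottery Board" <claims@example.org>
Reply-To: agent.smith@yahoo.com
Subject: YOU HAVE WON
Content-Type: text/plain; charset="us-ascii"

Your email won 1,000,000 USD. Contact our fiduciary agent at
Claims.Desk@AOL.com or barrister.office@sify.com with your details.
"""

def body_text(msg):
    """Concatenate every text part, decoding any transfer encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)

def reportable_addresses(raw):
    """Return {provider: [addresses]} for free-mail contact addresses.

    Only Reply-To and the body are searched, because that is where a
    working address has to appear. From and Received are not trusted.
    """
    msg = message_from_string(raw)
    found = {a.lower() for _, a in getaddresses(msg.get_all("Reply-To", [])) if a}
    found |= {m.lower() for m in ADDR_RE.findall(body_text(msg))}
    report = {}
    for addr in sorted(found):
        provider = FREEMAIL.get(addr.rsplit("@", 1)[1])
        if provider:
            report.setdefault(provider, []).append(addr)
    return report
```

Each provider key in the result is one abuse report to file, quoting the listed addresses along with the full message.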

AOL

AOL is quite long-in-the-tooth at handling abuse requests - which isn't surprising, since they originated a lot of the filtering and other abuse processes we now all take for granted. They appear to have a decent, if slightly slow, abuse team. In light of recent successes in shutting down Gmail and Yahoo addresses, AOL is fast becoming the free-mail provider of choice for Nigerian scammers.

Where to report it: Send the entire message, including full headers, to: TOSEmail1@aol.com.

Expected response: Automated single email. I often don't hear anything else after that, but I also don't appear to receive any further messages sporting the offending address.

Sify.com Email

I know what you're thinking: Sify.com??

Sify is the Indian equivalent of Hotmail or Yahoo mail. It's an independent portal located in Mumbai. Over the past year I have seen a shift from Gmail and Yahoo to Sify, which indicates there have been enough successful shutdowns that now they're really looking for any free-mail port in a storm. Sify has an abuse reporting address, but, as far as I can tell, no defined abuse process.

Where to report it: Send the entire message, including full headers, to: customercare@sify.com.

Expected response: [crickets...] I've never received any response from Sify mail. It's really sporadic when I do see an inbound scam message featuring a sify.com address.

Hotmail

Here's where I begin to lose my mind, and I'd have to say at this point that Hotmail effectively has no abuse reporting process for this type of scam, or indeed for any abuse of Hotmail involved with spam.

For years I was reporting these scams to abuse@hotmail.com, but then last year they introduced report_spam@hotmail.com. Reports sent to that address went unanswered, but then in June they would send an automated message claiming that I should instead report the abuse to abuse@hotmail.com. (Huh?)

I later discovered that MSN also has the same two addresses, so I began reporting every such abused address to all four:

That resulted in four of the same automated messages, but it did finally also result in a followup message stating that the account had been terminated.

Starting in October 2008, however, all messages reporting abuse sent to those four addresses were bounced. The reason?

They contained content which appeared to be spam.

Honestly: Hotmail abuse team - HOW do we report this abuse to you? If anyone at Hotmail abuse is reading this, I would very much appreciate you responding by posting a comment here (I won't publish it if you want to just reach me directly.) This has GOT to change.

Hotmail and MSN Live Spaces are, as we speak, essentially owned by criminals. The only sites I am ever referred to on MSN live spaces featured content which has been automatically generated for use in spam campaigns, by "users" who have clearly also been created via some automated means.

If anyone at Hotmail / MSN abuse is reading this: we as angry recipients of illegal spam would like an explanation. You're clearly falling way, way behind in handling this type of abuse, and it's leading to many people being scammed out of their life savings. What gives?

In closing, here's the recent tally of my "lottery winnings" from just this past Friday (Nov. 15, 2008) and today (Nov. 17, 2008)

$1.500,000.00 in cash [Apparently waiting for me in a package being held at the FEDEX DELIVERY COURIER COMPANY.]

Six million US Dollars [Waiting to be invested "into profitable areas of business in your country"]

If I wait two more hours I guarantee I will win at the bare minimum another million dollars USD. The best part is: it looks like everyone's a winner (they are always sent to "multiple recipients", never just to me.) Let's buy each other a drink shall we?

I'll see about including a tally widget on the sideline of this blog. Any wagers that I "win" a billion dollars by Xmas?

7 comments:

As IKS stated, this is not 1999, these are criminals here and they must be stopped.

Put holds on their accounts (the account e-mail addresses referenced within these spam lottery messages) and hold their mail.

Put it to use for government prosecution use. I'm sure the government could benefit from both, the criminals who set up these accounts, as well as the greedy netizens who choose to respond to this spam in hopes of "striking it rich" - hell, get both sides incarcerated!

Incarceration is the next best answer. We don't need another Windongs Dead NoCare 2012 version 10.0 to battle this spam. The solution lies within the abuse desks but filtering is no option.

An abuse desk that contains incoming mail filtering is completely useless, since the address will indeed receive "abuse" complaints.

We, the under(and above)-signed are sick and tired of abuse desks who lack the knowledge or power in patrolling their service for abuse.

A quick update: I've already surpassed half a billion US dollars in "winnings" from these "lotteries", and it's only been 15 days. On average I continue to "win" from 7 - 10 lotteries per day. These are some really idiotic scammers.

My running total of daily "winnings" from various "lotteries" and "inheritances" has reached just over 1 billion dollars. It took 33 days to accomplish this, winning - on average - five lotteries per day, and being informed that I am the recipient of at least 3 - 5 inheritances per day, every day, since Nov. 17th, 2008.

Today's winnings alone:

* $125,750,000.00 USD in the "Mastercard Lottery"
* 1,200,000.00 GBP [$1,799,033.02 USD] in a Nigerian inheritance
* $1,600,000.00 in the "Toyota Lottery"
* $800,000.00 as second prize winner in the Microsoft Lottery

That's a total of $129,949,033.02 USD for just today (and it's not even noon yet.)

> I have been getting a lot using mmLite. Who do I report to for that one?

I need a lot more information than that. "using" how? What do you mean?

The way to report these is by getting their free email accounts shut down. That's the only way. If you're focusing on other headers, that won't help you track anything else down. Only reporting the email addresses called out in the message itself, or those used as reply addresses, will have any effect.

I believe mmLite is a server setup, not a free email provider, but then I don't know what you mean.

SpamIsLame

About Me

I am an independent fighter of those who choose to spam illegally, promoting either fake or illegal products to an unsuspecting public. Like most people, I despise illegal spammers and I will continue to spread knowledge on how to impact their ability to profit from spamming. There is a difference between "marketing" and spamming. Those who claim otherwise are idiots.